Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Moodle < 1.6.2 Multiple Vulnerabilities

High

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote host is running Moodle, an open-source content-management system written in PHP. This version of Moodle is vulnerable to a SQL Injection flaw, a cross-site scripting flaw, and an information disclosure flaw. An attacker exploiting these flaws would only need to be able to send malformed HTTP requests to the server. Successful exploitation would result in arbitrary SQL command execution on the remote database server, code execution within client browsers, or gleaning of information useful in future attacks.

Solution

Upgrade to version 1.6.2 or higher.